LVI hardening tests #77008

Merged
merged 14 commits into from
Sep 28, 2020
raoulstrackx
Contributor

Mitigating the speculative execution LVI attack against SGX enclaves requires compiler changes (i.e., adding lfences). This pull request adds various tests to check if this happens correctly.

@rust-highfive
Contributor

r? @Mark-Simulacrum

(rust_highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Sep 21, 2020
@raoulstrackx raoulstrackx force-pushed the raoul/lvi-tests branch 2 times, most recently from 6026a2f to e3ae538 Compare September 23, 2020 14:31
@Mark-Simulacrum
Member

It looks like some of this is testing C and C++ LVI, as well, which seems a bit out of place for this repository? Could you elaborate why those tests are added?

@Mark-Simulacrum Mark-Simulacrum added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Sep 24, 2020
@raoulstrackx
Contributor Author

For the x86_64-fortanix-unknown-sgx target it is important that all code is hardened that will end up in an SGX enclave. Unfortunately, crates may include assembly, C, C++ code as well that needs to be hardened. We need to check if this is done properly.
Assembly code is certainly compiled as part of the standard library, C/C++ code may not be.
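
One way to check compiled output for missing fences, as an added example that is not code from this pull request or from the Rust repository: the function below scans `objdump -d --no-show-raw-insn` output (AT&T syntax) and reports every return or indirect branch that does not come directly after an `lfence`. That rule is a simplified assumption covering control flow only, and the names `unhardened`, `Finding` and `SAMPLE` and the sample disassembly are constructed for illustration.

```rust
/// A return or indirect branch with no `lfence` directly before it:
/// (1-based line number in the disassembly, mnemonic).
pub type Finding = (usize, String);

/// Scan `objdump -d --no-show-raw-insn` output (AT&T syntax) and report
/// control transfers that fail the simplified rule assumed here: a `ret`
/// or an indirect `jmp`/`call` must come right after an `lfence`.
pub fn unhardened(disasm: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut prev_is_lfence = false;
    for (idx, line) in disasm.lines().enumerate() {
        // Instruction lines look like "  13:\tretq"; labels, headers and
        // blank lines have no ":\t". They also end any pending fence.
        let insn = match line.split_once(":\t") {
            Some((_, rest)) => rest.trim(),
            None => {
                prev_is_lfence = false;
                continue;
            }
        };
        let (mnemonic, operands) = insn
            .split_once(char::is_whitespace)
            .unwrap_or((insn, ""));
        let is_ret = matches!(mnemonic, "ret" | "retq");
        // AT&T syntax marks an indirect target with a leading '*'.
        let is_indirect = (mnemonic.starts_with("jmp") || mnemonic.starts_with("call"))
            && operands.trim_start().starts_with('*');
        if (is_ret || is_indirect) && !prev_is_lfence {
            findings.push((idx + 1, mnemonic.to_string()));
        }
        prev_is_lfence = mnemonic == "lfence";
    }
    findings
}

// Constructed sample (not real compiler output): one function whose return
// was rewritten to pop/lfence/jmp, and one with a plain call and return.
pub const SAMPLE: &str = "\
0000000000000000 <hardened>:
   0:\tpop    %rcx
   1:\tlfence
   4:\tjmpq   *%rcx

0000000000000010 <plain>:
  10:\tmov    (%rdi),%rax
  13:\tcallq  *%rax
  15:\tretq
";

fn main() {
    for (line, mnemonic) in unhardened(SAMPLE) {
        println!("line {}: `{}` is not preceded by lfence", line, mnemonic);
    }
}
```

The same scan applies to objects built from Rust, C, C++ or assembly, since it only looks at the disassembly.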

@Mark-Simulacrum
Member

Okay, I think this is reasonable. It's not too many additional tests and they're SGX only so I'm not too worried in that respect either.

@bors r+ rollup=iffy

@bors
Collaborator

bors commented Sep 25, 2020

📌 Commit 159d11f has been approved by Mark-Simulacrum

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Sep 25, 2020
@bors
Collaborator

bors commented Sep 26, 2020

⌛ Testing commit 159d11f with merge 032ab1893ec16166331dc85d0b56456bf5442a39...

@rust-log-analyzer
Collaborator

Your PR failed (pretty log, raw log). Through arcane magic we have determined that the following fragments from the build log may contain information about the problem.

I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact @rust-lang/infra. (Feature Requests)

@bors
Collaborator

bors commented Sep 26, 2020

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Sep 26, 2020
@kennytm
Member

kennytm commented Sep 27, 2020

@bors retry

https://github.com/rust-lang-ci/rust/runs/1169263815 i686-msvc-2 failed to download clang.

curl: (56) OpenSSL SSL_read: Connection was reset, errno 10054

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Sep 27, 2020
@bors
Collaborator

bors commented Sep 28, 2020

⌛ Testing commit 159d11f with merge 6369a98...

@bors
Collaborator

bors commented Sep 28, 2020

☀️ Test successful - checks-actions, checks-azure
Approved by: Mark-Simulacrum
Pushing 6369a98 to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Sep 28, 2020
@bors bors merged commit 6369a98 into rust-lang:master Sep 28, 2020
@rustbot rustbot added this to the 1.48.0 milestone Sep 28, 2020
@workingjubilee workingjubilee added the O-SGX Target: SGX label Jul 30, 2023
Labels
merged-by-bors This PR was explicitly merged by bors. O-SGX Target: SGX S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.

8 participants